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that an amount for the payment transaction is debited to the smart card, the mobile device being able to use the telecommunications 
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5 Apparatus, Method and System for Payment Using a Mobile Device 

Field of the Invention 

The invention relates to apparatus for performing a payment or other similar 
transaction using a mobile device, and a method and system for performing such 
10 transactions. 

Definitions 

Throughout this specification reference to a smart card means a card form of a 
material body with a chip or module embedded in a special cavity. Examples of 

15 smart cards can be found in the white paper "Smart-Card Devices and 
Applications" dated January 2001 by Dustin Sorenson and found at 
www.delL com/us/en/biz/topics/vectors 200 1 -smartcard.htm The smart card may 
be a contactless smart card that uses an inbuilt antenna; a smart card that has 
contacts and thus requires physical contact with a terminal to operate; or a hybrid 

20 smart card that has both the antenna and contacts and can operate as a contact 
smart card and/or as a contactless smart card. 

Throughout this specification reference to a mobile device means a device for 
wireless communication or a device that includes one or more components for 
25 wireless communication; and includes a hand telephone, mobile telephone, 
cellular telephone. Personal Digital Assistant with telecoixmnuiications facilities, 
and laptop and notebook computers with telecommimications facilities. 

Throughout this specification reference to a contactless device or smart card 
30 means such a device or smart card with no visible module that communicates by 
means of a radio frequency signal, and where there is no need for physical contact 
between the device and another device for communication between them, even 
though such physical contact may take place. 



35 Background to the Invention 
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5 Payment has long been a key issue in both electronics commerce and mobile 
concmierce. Payment applications can be classified into different categories when 
considered from different aspects, each of which corresponds to different 
requirements and different transaction procedures. Payment applications can be 
separated into different categories based on the location of the payment terminal. 
10 A local payment relates to the transaction process from the customer to a local 
payment terminal, while a remote payment is the payment between the customer 
and a remote payment terminal. 

The present invention has as its primary objective a new apparatus or device that 
1 5 is useable for both local and remote payment applications as well as a new method 
and system to protect the security of the transaction based on that apparatus. 

Consideration of the Prior Art 

WOOl/56313 discloses payment for a location-dependant service using mobile 
20 positioning. The invention relates to an arrangement and a method for paying for 
location-dependant service using a mobile phone as a positioning device. The 
location-dependant service may include the likes of a gas station, car wash or a 
train or subway station. The user of the mobile device initiates a request/order of 
the service or goods. The service provider offering the service or goods will 
25 determine the geographical position of the cellular device. Based on the 
approximate geographical position determined, the service location will provide 
the service or goods. 

WOO 1/55984 discloses a flexible electronic system for conducting a commercial 
30 transaction. A computer-based system is provided in which commercial 
transactions can be conducted by a plurality of participating system members. 
Each member has a mobile device adapted to communicate with a general 
computerized server over an associated wireless network the server has a financial 
database record allocated to each member, and a plurality of merchants (each of 
35 which by definition has a financial data base record in the computerized server). 
The server is programmed such that financial transactions can be conducted by 
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5 remote operation of the mobile device of a participating system member, via the 
wireless ne^vork, to result in the debiting of a financial data base record 
associated with an instructing participating system member, and the crediting of a 
different financial data base record of another participating system member or a 
merchant. The system is flexible in that the server is further progranmied to: 
10 i) receive, in respect of transactions initiated otherwise than by 

way of the said mobile device, requests for the payment of an 
amoimt from a financial data base record of a participating 
system member; 

ii) communicate a message seeking authorization of such payment 
15 to the mobile device associated with the relevant participating 

system member; 

iii) receive a secure authorization signal approving of or rejecting 
the payment wherein such authorization signal is transmitted 
from the mobile device at the instance of the relevant 

20 participating system member; and 

iv) thereafter effect further processing of the payment or 
reservation request upon receipt of such authorization signal. 

WOO 1/55979 describes a pasrment device and method for secure payment. It 
25 relates to the implementation of data-secure payment services and devices. In 
particular, the invention relates to payment service equipment (PS) and to two 
methods in which PS is used. The paying with a payment card may be 
implemented via an information network such as the Internet in such a way that 
the payment is seciu-e, and the number of the client's payment card does not need 
30 to be transmitted over the data transmission network. The client is requested to 
provide a separate confirmation for effecting the payment. The information to be 
confirmed is sent to the terminal device of the client, preferably a mobile station, 
by means of which the client digitally confirms the order made by signaling the 
confirmation. The signed confirmation, as well as the electronic identity 
35 information associated with the client, is sent back to the PS. The PS verifies the 
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S client's identity, check the validity of the client's payment card, and transmits the 
payment information to the payment system. 

WOO 1/48707 describes a smart card payment tenninal. In order to solve the 
problem of mobile terminal operational costs, the invention provides that said 
10 payment terminals should operate in mixed mode in that it is capable of being 
connected both to a public mobile telephone network base station and to a private 
telephone network base station. The transmission mode selecting means are 
arranged such that preferably the private telephone network is favored since the 
tariff costs of such communications are less expensive. 

15 

WOO 1/25979 relates to a method for billing Internet transactions via a mobile 
radiotelephone service. By using WAP (Wireless Application Protocol), it is 
possible to select and, optionally, reserve goods and services (information, tickets, 
CD's, hotel rooms, etc) sold via the Internet. When the customer decides to 
20 purchase the goods or services, they conduct a payment transaction from the 
mobile radiotelephone device. The customer data required for conducting a 
payment transaction is centrally maintained in a database of a payment gateway. 

WOO 1/09851 describes smart card transactions using a wireless 
25 teleconmiunications network. A smart card transaction allows a consumer to load 
value onto a smart card and to make purchases using a smart card with a special 
mobile telephone handset over the teleconununications network. For loading, the 
system includes a mobile telephone handset including a card reader; a gateway 
computer; a funds issuer computer; and an authentication computer. The mobile 
30 telephone handset receives a request from a user to load a value onto the smart 
card. The handset generates a funds request message that includes the value, and 
sends the funds request message to a funds issuer computer. The funds issuer 
computer debits an account associated with the user. Next, the handset generates a 
load request message with a cryptographic signature and sends the load request 
35 message to an authentication computer that authenticates the smart card. The 
handset receives a response message that includes a cryptographic signature and 



s 
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S an approval to load. Finally, the handset validates the second cryptographic 
signature and loads the value onto the smart card that is inserted into the smart 
card reader slot. For payment, the system includes a merchant server and a 
payment server. First, the handset sends an order request message to the merchant 
server computer, and in return receives a purchase instruction message. ITie 
10 handset processes the purchase instruction message locally, and sends a draw 
request message to a payment server computer. The payment server computer 
sends a debit message that includes a cryptographic signature and an approval to 
debit the smart card. Finally, the handset validates the cryptograpliic signature and 
debits the smart card. 

15 

WOOO/48142 describes a payment terminal for accepting card payment. It 
concerns a payment terminal adapted for reading bankcards comprising a 
keyboard for inputting a confidential code, and at least a removable panel. It 
further comprises an antenna communicating with contactless cards, the panel 
20 indicating, in a first position, the zone for presenting the contactless card. 

None of the prior art provides an integrated payment method that can be used for 
both local and remote transactions. Also none integrate mobile payment, Internet 
payment, and Point Of Sale ("POS") payments into a single system; and all utilize 
25 a mobile-phone*dependent channel to communicate, or are not concerned with 
local payment. 

With the present invention there may be provided a "destroy-after-read** security 
feature that is not found in any of the prior art. It has the considerable advantage 
30 of not allov^ng unauthorized reuse of transaction data after the transaction has 
concluded. 

Object of the Invention 

The present invention has as its primary object the provision of a secure and 
35 integrated payment apparatus useable for both local and remote transactions. 
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S A further object is to provide a method and system for the apparatus to protect the 
security of transactions. 

Summary of the Invention 

10 With the above and other objects in mind, the present invention provides 
apparatus for performing a payment transaction, the apparatus including a mobile 
device having a telecommunications means, the teleconununi cations means 
including an antenna and a subscriber identity card for communication writh the 
mobile device; the subscriber identity card being able to obtain accotmt 

15 information of the customer from a smart card of the customer so that an amount 
for the payment is debited to the smart card, the mobile device being able to use 
the telecommunications means to communicate with a terminal to effect the 
payment transaction to the terminal thereby crediting the amount to the terminal; 
there being no requirement for physical contact between the antenna and the 

20 terminal, to effect the payment transaction. 

Preferably, the smart card is a contactless smart card. Alternatively, it may be a 
virtual smart card, all data of the smart card being maintained in a database 
controlled by a server. In a further alternative, it may be integrated with the 
25 subscriber identity card to fomi a hybrid subscriber identity card located within 
the mobile device; the account information and the amount being obtained from 
the hybrid subscriber identity card. 

The hybrid subscriber identity card may have two interfaces, including a first 
30 interface for interaction with the mobile device through a physical connection, and 
a second interface for interaction with a point-of-sale terminal using a radio 
frequency channel; as well as a conmion memory for the subscriber identity card 
and the smart card. It may also have separate microprocessors for the smart card 
and the subscriber identity card. 
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S The tenninal may be a point-of-sale terminal, the communication between the 
mobile device and the point-of-sale temiinal being by passing the antenna 
adjacent the point-of-sale temiinal. The communication between the mobile 
device and the temiinal is preferably radio frequency transmission, SMS, or over 
the Internet. 

10 

The mobile device and/or the telecommimications means may include a secure 
authentication module as an identity; and the mobile device preferably seeks 
approval of the payment transaction before crediting the amount to the terminal. 

15 The communication between the telecommunications means and the smart card 
may be by passing the antenna adjacent the smart card; and the communication 
between the telecommunications means and the database may be by use of a 
telecommunications network. 

20 IN another form the present invention provides apparatus for performing 
electronic payment transactions using a smart card, the apparatus including a 
mobile device having a telecommunication means for performing: at least one 
electronic payment transaction with and at a point-of-sale terminal using the smart 
card, and at least one further electronic payment transaction at and Math a remote 

25 terminal using the smart card. 

The telecommunications means may include an antenna and a subscriber identity 
card for communication with the mobile device; the subscriber identity card being 
able to obtain account information of the customer from a smart card of the 
30 customer so that an amount for the payment is debited to the smart card; the 
mobile device being able to use the telecommunications means to communicate 
with the point-of-sale terminal and the remote terminal to effect the payment 
transaction. 



wo 03/044710 



PCT/SGOl/00205 



8 

5 The payment transaction preferably credits the amount to the terminal; there being 
no requirement for physical contact between the antenna and the terminal to effect 
the payment transaction. 

The smart card may be a contactless smart card or, alternatively, a virtual smart 
1 0 card, all data of the smart card being maintained in a database controlled by a 
server. In a further alternative, the smart card and the subscriber identity card are 
integrated to form a hybrid subscriber identity card located within the mobile 
device. In this case the hybrid subscriber identity card preferably has two 
interfaces, including a first interface for interaction with the mobile device 
1 5 through a physical connection, and a second interface for interaction with a point- 
of-sale terminal using a radio frequency channel. 

The hybrid subscriber identity card may have a common memory for the 
subscriber identity card and the smart card; and the hybrid subscriber identity card 
20 may have separate microprocessors for the smart card and the subscriber identity 
card. 

The communication between the mobile device and the point-of-sale terminal 
being by passing the antenna adjacent the point-of-sale terminal; and the 
25 communication between the mobile device and the point-of-sale terminal is radio 
frequency transmission, SMS, or over the Internet. 

The mobile device or the telecommunications means may include a secure 
authentication module as an identity. Preferably, the mobile device seeks approval 
30 of the payment transaction before crediting the amount to the terminal. The 
conmiunication between the telecommunications means and the smart card may 
be by passing the antenna adjacent the smart card; and the communication 
between the telecommunications means and the database may be by use of a 
telecommunications network. 

35 
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5 In a further form, the present invention provides a method for effecting a payment 
transaction at and with a point-of-sale terminal by use of a mobile device having a 
telecommunications means; the method including: 

(a) passing an antenna of the telecommunications means adjacent the 
terminal to enable the terminal to communicate with the 

1 0 telecommunications means to pass a message to the mobile dcAace, the 

message including an amount required to be paid; 

(b) using the mobile device to debit a smart card with the amount; and 

(c) ag£un passing, or maintaining, the antenna adjacent the terminal to 
enable the telecommunications means to send the amount to the 

IS terminal. 

Preferably, the smart card is a contactless smart card and to debit the smart card 
the antenna of the telecommunications means is passed adjacent the smart card, 
there being conummication between the smart card and the telecommunications 

20 means so that the amount is debited to the smart card and credited in the 
telecommunications means for sending to the terminal. Alternatively, the smart 
card is a virtual smart card, all data of the smart card being maintained in a 
database controlled by a server. In a further alternative, the telecommunications 
means includes a subscriber identity card, the smart card and the subscriber 

25 identity card being integrated to form a hybrid subscriber identity card located 
within the mobile device. 

The hybrid smart card may have two interfaces, including a first interface for 
interaction with the mobile device through a physical connection, and a second 

30 interface for interaction with a point-K>f-sale terminal using a radio frequency 
channel. The mobile device may use the telecommunications means to 
conununicate v^th the terminal to effect the payment transaction to the terminal 
thereby passing the amount to the terminal. The communication between the 
mobile device and the temiinal may be radio frequency transmission, SMS, or 

35 over the Internet, 
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S The telecommunications means may include a subscriber identity caid for 
conmiunication between the telecommunications means and the mobile device; 
and the mobile device may seek approval of the payment transaction before 
crediting the amoimt to the terminal. 

10 The present invention also provides a method for effecting an electronic payment 
transaction between a first terminal and a second terminal, the method including 
the steps of the first terminal generating a random token and including the 
random token in a message; the first terniiaal sending the message with the 
random token to the second terminal; the first terminal receiving a payment credit 

15 and the random token from the second terminal, the random token being sent to 
the first terminal by the second terminal as a means to prevent the payment from 
being reused in an unauthorized manner, and the first terminal processing the 
payment credit and then destroying the random token. 

20 In a final form, the present invention provides a method for effecting an electronic 
payment transaction between a first terminal and a second terminal, the method 
including the steps of the second terminal receiving a message containing a 
randomly generated token from the first terminal; the second terminal processing 
the message and obtaining a payment credit for the payment transaction; and the 

25 second terminal sending the payment credit and the random token to the first 
terminal in a payment message, the random token being sent to the first terminal 
by the second terminal as a means to prevent the payment message from being 
reused in an unauthorized manner, and for destruction. 

30 In both forms the first terminal may be a supplier's terminal, and the second 
temiinal is a customer's terminal; the customer's terminal preferably being a 
mobile device having a telecommimications means and the supplier's terminal a 
point-of-sale terminal. 

35 The second terminal may have a telecommunications means and there may be 
included the extra steps of passing an antenna of the teleconununications means 
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5 adjacent the first terminal to enable the first teiminal to communicate with the 
telecommunications means to pass the message to tfie second terminal, the 
message including an amoimt required to be paid; using the second terminal to 
debit a smart card with the amount; and again passing, or maintaining, the antenna 
adjacent the first terminal to enable the telecommunications means to send the 
1 0 amoimt to the first terminal. 

The smart card may be a contactless smart card and to debit the smart card the 
antenna of the telecommunications means is passed adjacent the smart card, there 
being communication between the smart card and the telecommimications means 
15 so that the amount is debited to the smart card and credited in the 
teleconununications means for sending to the first temiinal 

The second terminal may use the telecommunications means to conununicate with 
the first terminal to effect the payment transaction to the first terminal thereby 
20 passing the amount to the first terminal. The communication between the first 
terminal and the second terminal may be Radio Frequency transmission, SMS, or 
over the IntemeL 

The telecommunications means may include a subscriber identity card for 
25 communication between the teleconununications means and the second terminal; 
the smart card and the subscriber identity card being integrated to form a hybrid 
subscriber identity card located within the second terminal, the payment credit 
being obtained firom the hybrid subscriber identity card. The hybrid subscriber 
identity card may have two interfaces, including a first interface for interaction 
30 with the second terminal through a physical connection, and a second interface for 
interaction with the first terminal using a radio frequency channel. It may also 
have a common memory for the subscriber identity card and the smart card; and 
separate microprocessors for the smart card and the subscriber identity card 

35 The conununication between the mobile device and the point-of-sale terminal is 
preferably by passing the antenna adjacent the point-of-sale terminal; and the 
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5 communication between the mobile device and the temiina] may be radio 
frequency transmission, SMS, or over the Internet. 

The message may include a bill for the amount, the bill preferably being 
combined with a certificate of the first terminal. The second terminal may encrypt 
10 the bill and information regarding the payment credit with an encryption key of 
the second terminal before sending to the first terminal. The second terminal may 
receive the payment credit fi-om a remote payment gateway, the pa)mient credit 
being passed directly fi-om the payment gateway to an account for the first 
terminal. 

15 

As can be seen, the present invention in a preferred form provides a contactless 
smart card that interfaces with local payment terminal through a RF (Radio 
Frequency) channel and a remote terminal by use of a mobile device. It can 
therefore simplify the payment process, and provide an integrate interface for all 

20 transactions. Compared with other parallel approaches, a higher security level 
may be achieved by using a method and system over the proposed apparatus. It 
can protect the confidentiality, authentication, integrity, non-repudiation and 
authorization of the transaction in both the physical and protocol layers. 
Furthermore, it's compatibility with most existing payment devices may make it 

25 more acceptable than other parallel payment methods, which generally require 
costly equipment upgrades. 

Transaction data may either be transferred between the customer's smart card and 
a local payment terminal by use of a smart card interface, preferably a contactless 
30 SIM card, or be transferred between the customer's smart card and a remote 
payment terminal through a mobile device network. The security in the 
transaction may be protected by a set of protocols over the apparatus. The 
payment method may provide a flexible and seamless solution to both local and 
remote payment applications. 

35 
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S Description of the Drawings 

In order that the invention may be readily understood and put into practical effect, 
there shall now be described by way of non-limitative example only preferred 
embodiments of the present invention, the description being with reference to the 
1 0 accompanying illustrative drawings in which: 

Figure 1 is an illustration of a payment system according to the present 
invention using two separate cards; 

15 Figure 2 is an illustration corresponding to Figure 1 but where a 

contactless SIM card is used; 

Figure 3 is a preferred implementation of Figure 1 ; and 

20 Figure 4 is an example of a billing message. 

Description of the Preferred Embodiment 

25 To first refer to Figure 1, there is shown a smart card, that may be a contactless 
smart card, a smart card with contacts, or a hybrid smart card that uses contacts 
and/or a built-in antenna and is therefore contactless. The smart card stores the 
customer's account information. There is also a mobile device (a phone as 
illustrated) that includes a telecommunications means such as, for example, a SIM 

30 (Subscriber Identity Module) card or other form of interface device that 
communicates with the mobile device; and a transaction protocol that enswe the 
security and non-repudiation of the transaction. The teleconmiunications means 
may also include an antenna. 

35 The smart card is a device that is passed near the antenna of the 
telecommunications means of the mobile device to carryout a transaction. 
Preferably, it has an electronic microchip and an antenna embedded inside the 
card body. These two components allow the device to conununirate with an 
antenna/coupler unit without physical contact. It may have a secure memory that 

40 stores customer's accoimt information. 
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The interface device between the smart card and the mobile phone is preferably, 
but not necessarily, the SIM card. The SIM card is a special smart card that 
communicates with the mobile device to provide the identity and other 
information of the subscriber. It also provides certain functions to control the 
10 mobile device. The standard of SIM card can be found in GSM 11.4, which is 
defined by The European Telecommunications Standards Institute (ETSI). If the 
mobile device uses a standard or protocol other than GSM, those standards or 
protocols may be applied and used with the present invention. 

The transaction protocols are used to define and control the transaction procedure. 
They may vary according to different applications, and in different layers. For 
example, a transaction that involves a PDA may use Secure Socket Layer (SSL) 
protocol in the transfer layer, and may apply certain authentication protocols to 
communicate with a sales terminal. 

To now refer to Figure 2, the smart card and the SIM card, are combined into one 
card - a hybrid SIM card with all of the functionality of the smart card and the 
protocol controller. The SIM card may have two sets of interfaces: one to interact 
with the mobile device through a physical connection, and an interface with a 
local payment terminal via an RF channel. 

The method of the present invention, in one form, includes the following steps: 

1 ) a SIM card is installed in the mobile device; 

2) the mobile device can be used for mobile payment as if a cash card (no 
30 identification needed) and/or an ATM card (protected by a PIN, with 

limited daily withdrawal, as in what is done with debit cards at present); 

3) the mobile device can be used for electronic payment as if an electronic 
checkbook (signature needed) and/or an electronic credit card (signature 
needed). With such an electronic payment, the mobile device works with a 

35 personal computer (PC). In such a case, it acts as a secure center for 



15 



20 



25 
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5 authenticating the identity of all involved parties, protecting the integrity 

of transaction data» and managing the secure account information; 

4) if the payment takes place at the POS, it is not necessary to send an SMS 
message; instead, an RF channel can be used; 

5) if the payment takes place at a remote site, for example a person to person 
10 ("P2P") pajmient, it can be accomplished by using SMS; and 

6) if the payment takes place using the Internet, for example an e-payment 
application, it can be accomplished by the network. In such a case, a PC 
may compose the bill and send it to the mobile device through an RF 
channel; the consumer can confirm the bill in the mobile device and send 

15 it back to the PC; the PC can capture the signature (if necessary); and the 

payment is send to the retailer using the Internet. In this instance, the PC is 
acting as if a local point-of-sale payment terminal. 

Figure 3 shows an implementation of the embodiment of Figure 1. 

20 

A contactless smart card is preferably, but not necessarily, a microprocessor card. 
It has an internal embedded antenna to communicate with an antenna/coupler unit 
without physical contact On the other hand, it can add, delete and manipulate 
information in its secure memory according to external instructions. For details, 
25 please refer to ISO/IEC 7816 for standards of IC cards and microprocessor card 
st£indards, and ISO 14443 for proximity (contactless) smart card standards. 

A SIM card is a smart card for GSM systems and holds the subscriber's ID 
niunber, security information and memory for a personal directory of nimibers 
30 thus allowing the subscriber to call from any GSM device. The SIM card is 
preferably a SIM Toolkit (STK) Card, which supports data management 
application for SIM cards. Please refer to ETSI GSM 1 1.14 for standards of SIM 
cards. 

35 Transaction information on the two cards is preferably synchronized to provide an 
integrated accoimt management. There are many different methods and devices to 
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S exchange data between two smart cards. For example^ an external microprocessor 
system may be applied to allow transparent communication between the SIM card 
and the smart card. It preferably supports Secure Authentication Module (SAM) 
in the microprocessor system so that the system can be used as a POS device. The 
SIM card may also share a common secure memory with the smart card to 
10 facilitate synchronization of transaction data. 

When an external microprocessor system is applied, the service program that 
controls the microprocessor system preferably resides in a secure memory. It is 
also preferred for the service program to be encrypted in the memory, and only 
15 decrypted when executed. The decryption program may reside in the internal 
secure memory of the microprocessor, which is not accessible by external 
programs. 

The communication between the mobile device and the mobile network may be 
20 protected by seciire protocols for integrity and confidentiality during the 
transaction process. An example of such a protocol is WTLS (Wireless 
Transaction Layer Security) protocol, which is a component of an as-yet-to-be- 
implemented MeT (Mobile Electronic Transaction) initiative. 

25 An example of conmiimication procedure from the smart card to the SIM card by 
means of the microprocessor system may be: 

1) the smart card sends a request to the microprocessor system for displaying 
a message on the mobile device; 

2) the microprocessor system interprets the request, and sends instruction to 
30 the SIM card; 

3) the SIM card interfaces with the mobile device and displays a message on 
the mobile device; 

4) the customer responds to the message; 

5) the response is captured and sent to the SIM card by the mobile device; 

35 6) the microprocessor queries the SIM card if the response is ready, and reads 

the response from the SIM card when it is ready; 
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S 7) the microprocessor writes the response to the smart card; and 

8) the smart card or the mobile device interacts with the external payment 
terminal according to the response. 



As shown in Figure 2, the SIM card and the smart card in the first preferred 
10 embodiment can be combined into one card, namely, a hybrid SIM card. In such a 
case, the SIM card and the smart card may share a common secure memory, but 
use separate microprocessors. 

The hybrid SIM card may interact with the mobile device with a standard SIM 
15 card interface as defined in ETSI GSM 11.14. If the mobile device is not in 
accordance with the GSM standard, other standards or protocols may be used. The 
remote transaction data may be sent to, or sent firom the hybrid SIM card as a 
short message, an email, or a voice message by the mobile device. The hybrid 
SIM card interacts with a local payment terminal with a standard contactless smart 
20 card interface as defined in ISO 14443. Local transaction data may be sent to, or 
sent fix)m the hybrid SIM card through a Radio Frequency (RF) channel. The 
hybrid SIM card also interacts with the user by displaying a message on the screen 
of the mobile device, and by reading the user's input from the mobile device. It is 
preferable that the hybrid SIM card includes a SAM (Secure Authenticity 
25 Module) or WIM (Wireless Identity Module) to provide non-repudiation for user 
identity. 

Transaction and security protocols assume that the consumer has installed the 
apparatus with Public Key Infi^astructure ("PKI") fimctionality and a 
30 public/private key pair. However, a secret key or other symmetrical encryption 
method can also be used if the service provider is a trusted party. 



A general framework of transaction protocols may be: 

1) the customer receives a bill from a payment terminal, and saves it to the 
35 mobile device; 

2) the customer selects a payment method; 
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5 3) the mobile device reads the account information of the customer from the 
smart card or the hybrid SIM card; 

4) the mobile device generates a message that includes payment information 
and/or bill infomiation and/or account information; 

5) a message for the customer is displayed on the mobile device, and the mobile 
1 0 device captures the customer's response; 

6) after the customer has approved or authorized the payment, a digital signature 
is generated to the payment message, according to a security key assigned to 
the customer's account; 

7) the mobile device sends the signed payment message to the payment terminal 
IS to accomplish the transaction; and 

8) the payment terminal may send a receipt to the apparatus if needed or 
requested. 

The bill may include information of the payee, transaction data, the amount of the 
20 payment required, and other related information. The related information may 
include a description of the goods or services, the place of transaction, and so 
forth. The bill may also be encoded to a short message, if necessary or requested; 
and may be encrypted to prevent a third party from obtaining transaction details. 

25 The payment terminal may be a device located at the POS, a mobile payment 
gateway, or a server computer. It may conmiunicate with other related parties 
such as, for example, one or more banks if necessary. 

The customer's account information may be stored in the smart card or the hybrid 
30 SIM card by an issuing bank, a mobile service provider, or any other authorized 
parties. Preferably, the account infomiation is stored in a secure memory or 
protected by a security algorithm to prevent a third party from accessing, 
tampering with, or falsifying the accoimt information. It may include the 
customer's name, issuing bank's name, account number, expiring date, and so 
3S forth. It may also include the account balance when handling the immediate 
transfer of money. 
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5 

The apparatus may then generate a payment message, which includes one or more 
selected from an account information, billing information, transaction audit trail, 
and timestamp for the transaction. It may be encoded and encrypted to form a 
secure short message. 

10 

A digital signature may be generated to protect the integrity and authenticity of 
the payment message to guarantee the non-repudiation for the duration of the 
transaction process. 

15 The keys for creating the digital signature may be pre-stored in the apparatus. It 
may be dynamically changed for each transaction. PKI may be used for 
encryption and decryption. 

The smart card may be a virtual smart card with all of the data normally in the 
20 memory of the smart card being held in a database controlled by a server. The 
customer can access the server through a gateway using their mobile device. 

The embodiment may vary between different applications. In the following 
sections detailed description of protocols in several application scenarios are 
25 given. 

1 . Cash card payment in mobile payment applications 

1) Paying at POS with a hybrid SIM card in the customer's mobile device: 

a) the retailer prepares a bill with the POS device. The bill includes the 
30 amoimt of money, time stamp, a random generated token, and other 

related information; 

b) the POS device signs the bill such that the bill is combined with a 
certificate of the POS device; 

c) the consumer moves their mobile device to be near the POS device to 
35 receive the bill over an RF channel; 
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d) the mobile device displays the bill» verifies that the bill comes from a 
certified POS device; 

e) the consumer confirms the bill by pressing a key such as, for example, 
"OK" or "Yes"; 

f) the mobile device encrypts the bill and the payment information with 
the consumer's encryption key; 

g) the mobile device sends payment authorization to the POS device 
through the RF channel; 

h) the mobile device deducts the related amount of money from the 
secure memory of its hybrid SIM card; and 

i) the POS device verifies the signature with integrated bill information 
and the random generated token, increases the amount of money in its 
secure memory, and destroys the token. 

2) As Above But Remote Paying Process: 

(a) the retailer prepares a bill with the POS/Mobile/PC device. The bill 
includes the amount of money, time stamp, a random generated 
token, and other related information; 

(b) the retailer signs the bill such that the bill is combined with a 
certificate of the retailer; 

(c) the retailer sends the signed bill to the consumer's mobile device 
by SMS; 

(d) the consumer's mobile device displays the bill, verifies that the bill 
comes from a certified retailer; 

(e) the consumer confirms the bill by pressing a relevant key such as, 
for example, "OK" or "Yes"; 

(f) the mobile device encrypts the bill and the payment information 
with the consumer's encryption key; 

(g) the mobile device sends the payment information to the retailer by 
use of SMS; 

(h) the mobile device deducts the relevant amount of money from the 
secure memory of its hybrid SIM card; 
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(i) the retailer verifies the signature with the integrated bill 
informaticn, increases the amount of money in its secure memory, 
and destroys the token; and 

(j) the retailer sends a confirmation message to the consumer's 
handset as a receipt. 



3) money transferring Process: 

a) the service provider presets a token for each SIM card; 

b) the sender signs a payment information message with their encryption 
key and sends it as an SMS to the receiver; 

15 c) the sender's mobile device deducts the relevant amoimt of money fix>m 

the secure memory of its hybrid SIM card; 

d) the SMS is first passed through the service provider's SMS gateway; 

e) the service provider decrypts the payment SMS by using the sender's 
public key; 

20 f) the service provider generates a new token, adds the preset token and 

the new token to the payment SMS; 

g) the service provider signs the payment SMS, sends the new SMS to the 
receiver; 

h) the receiver's mobile device receives the SMS, verifies it by the 
25 service provider's public key, verifies the token; 

i) the receiver's mobile device increases the amount of money in its 
secure memory; 

j) the receiver's mobile device destroys the preset token, replaces it with 
the new token that comes with the payment SMS; and 
30 k) the receiver may send a conformation SMS to the sender as a receipt. 

4) Internet Paying Process: 

This is similar to the paying process at the POS, except that the POS device is 
replaced by a PC, and a remote server prepares and forwards the bill through 
35 Internet. 
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5 5) Top-up Process: 

This is similar to the P2P transfer, except that the sender is now an authorized 
device such as, for example, an ATM kiosk or the mobile device. 



2, ATM card payment in mobile payment applications (protected by PDsH 

10 

1) Paying Process at POS: 

a) the retailer prepares a bill with the POS device. The bill includes the 
amount of money, time stamp, and other related information; 

b) the POS device signs the bill so that the bill is combined wdth a 
1 5 certificate of POS device; 

c) the consumer passes their mobile devices near the POS device to 
receive the bill over an RF channel; 

d) the mobile device displays the bill, verifies that the bill came firom a 
certified POS device; 

20 e) the consumer confirms the bill by entering their PIN niunber, and then 

pressing "OK", "Yes" or other relevant key; 

f) the mobile device encrypts the bill and the payment information with 
the consumer's encryption key; 

g) the mobile device sends the payment to the POS device through the RF 
25 channel; 

h) the POS device passes the payment information to a remote pasonent 
gateway such as, for example, their bank's payment gateway; 

i) the payment gateway verifies the signature with the integrated bill 
information, transfers the corresponding money from the consumers 

30 account to the retailer's account; 

j) the payment gateway sends a conformation signal to the POS device; 
and 

k) after receiving the conformation signal, the POS device then sends or 
prints a receipt for the consumer. 

35 

2) Remote Paying Process: 
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5 a) the retailer prepares a bill with the POS/Mobile/PC device. The bill 

includes the amount of money, time stamp, and other related 
information; 

b) the retailer signs the bill so that the bill is combined with a certificate 
of the retailer; 

10 c) the retailer sends the bill to the consxmier's mobile device using SMS; 

d) the mobile device displays the bill, verifies that the bill came from a 
certified retailer; 

e) the consumer confirms the bill by entering their PIN nxmiber and then 
pressing "OK", "Yes" or other relevant key; 

15 f) the mobile device encrypts the bill and the payment information with 

the consumer's encryption key; 

g) the mobile device sends the payment to the retailer using SMS; 

h) the SMS is first passed through the service provider's SMS gateway; 

i) the service provider's SMS gateway passes the payment information to 
20 a remote payment gateway, such as for example, their bank's payment 

gateways 

j) the payment gateway verifies the signature with the integrated bill 
information, and transfers the corresponding money firom the 
consumer's account to the retailer's account; 
25 k) the payment gateway sends a conformation signal to the retailer; and 

1) after receiving the conformation signal, the retailer may send a receipt 
to the consumer. 

3) P2P money transfer Process: 
30 a) the sender signs a payment information message with their encryption 

key and sends it as an SMS to the receiver; 

b) the SMS is first passed through the service provider's SMS gateway; 

c) the service provider's SMS gateway passes the payment information to 
a remote payment gateway, such as for example, their bank's payment 

35 gateway; 
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5 d) the payment gateway verifies the signature with the integrated bill 

information, and transfers the corresponding money from the sender*s 
accoimt to the receiver's account; 
e) the payment gateway sends a conformation signal to the receiver; and 
£) after receiving the conformation signal, the receiver may send a receipt 
10 to the sender. 

4) Internet Paying Process; 

This is similar to the paying process at the POS, except that the POS device is 
now replaced by a PC, and the bill is prepared by a remote server and sent 
1 5 over the Internet. 

5) Account Transfer Process: 

This is similar to the P2P money transfer, except that the sender is now an 
authorized device, such as for example, an ATM kiosk or the mobile device. 

20 

3. Electronic checkbook in electronic payment applications 

This is somewhat different to the applications described above in that the issuing 
of an electronic checkbook requires a valid signature of the payer. There are 
several ways to generate a valid signature to a specific docimient. An example is 
25 given in our international patent application number PCT/SGOl/00150 filed 16 
July 2001 entitled "Electronic sigmng of document", the contents of which are 
hereby incorporated by reference. 

A destroy-after-use strategy is applied to ensure that only one copy of a valid 
30 electronic check will exist at any time. The "destroy" action of the randomly 
generated key is perfomied by a secure hardware device, which is preferably 
tamper-proof and difficiilt to reverse engineer. 

The process may be: 
3S 1) issuing the checkbook: 
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S a) the consumer sends a request to the issuing bank using SMS or other 

relevant method; 

b) the issuing bank generates a number of random tokens, encrypts them 
using the consumer's encryption key, and sends them to the consumer 
using SMS; and 

10 c) the consumer's mobile device receives the tokens and stores them in 

its secure memory. 

2) sending a check: 

a) the consumer receives a bill over the Internet; 

b) the bill is sent to the consimier's mobile device using an RF channel; 

1 5 c) using a PC, the signature of the consumer is captured from a tablet and 

a valid hand signature for the bill is generated; 

d) the captured signature is also sent to the mobile device; 

e) the mobile device then integrates bill information, a preset token from 
the random tokens, and the captured signature into a document, 

20 encrypts the document using its private key, and sends it to the PC; 

f) the mobile device destroys the used token; and 

g) the consumer sends the e-check to the receiver through their PC. 

3) Validating a check: 

25 a) the receiver sends the check to the bank; 

b) the bank verifies the identity of both the sender and the receiver, the 
authenticity of the token, the integrity of the content, and the 
authenticity of the signature, then transfers money to the value of the 
e-check from the sender's account to the receiver's account; 
30 c) the bank then destroys the token; and 

d) a confirmation may be sent to the sender and/or the receiver as a 
receipt. 



4. Electronic credit card applications 
35 This is somewhat similar to the electronic checkbook, except that a fixed credit 
card number replaces the random generated token. 
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5 

The present invention therefore provides a new payment solution for both 
electronic commerce and mobile commerce. It provides an integrated solution for 
electronic payment, mobile payment and Internet payment; and is based on the 
widely accepted SMS service. Existing payment solutions mainly use WAP 

10 applications, which are difficult to use. Furthennore, the present invention may be 
compatible with all current GSM mobile devices. All a customer needs to do is to 
install a new SIM card, thus avoid costly upgrading of their mobile devices. It is 
also compatible with most existing transaction systems. Retailers may continue to 
use their related payment terminal and networks. Finally, it may combine with 

15 public key encryption to offer higher security and non-repudiation; and to manage 
the use of transaction data, therefore effectively blocking any third party from 
reusing or tampering with the data. 

Whilst there has been described in the foregoing description preferred 
20 embodiments of the present invention, it will be understood by those skilled in the 
technical field that many variations or modifications in details may be made 
without departing from the present invention. 

The present invention extends to all features disclosed both individually and in all 
25 possible combinations and permutations. 
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S The Claims: 

1 . Apparatus for performing a payment transaction, the apparatus including 

a mobile device having a telecommunications means, the teleconmiunications 
means including an antenna and a subscriber identity card for conununication 

1 0 with the mobile device; the subscriber identity card being able to obtain account 
information of the customer from a smart card of the customer so that an amoimt 
for the payment is debited to the smart card, the mobile device being able to use 
the telecommunications means to conmiunicate with a terminal to effect the 
payment transaction to the terminal thereby crediting the amount to the terminal; 

15 there being no requirement for physical contact between the antenna and the 
terminal, to effect the payment transaction. 

2. Apparatus as claimed in claim 1, wherein the smart card is a contactless 
smart card. 

20 

3. Apparatus as claimed in claim 1, wherein the smart card is a virtual smart 
card, all data of the smart card being maintained in a database controlled by a 
server. 

25 4. Apparatus as claimed in claim 1 , wherein the smart card and the subscriber 
identity card are integrated to form a hybrid subscriber identity card located 
within the mobile device; the account information and the amount being obtained 
from the hybrid subscriber identity card. 

30 S. Apparatus as claimed in claim 4, wherein the hybrid subscriber identity 
card has two interfaces, including a first interface for interaction with the mobile 
device through a physical connection, and a second interface for interaction with a 
point-of-sale terminal using a radio frequency channel. 
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S 6. Apparatus as claimed in claim 4 or claim wherein the hybrid subscriber 
identity card has a common memory for the subscriber identity card and the smart 
card. 

7. Apparatus as claimed in any one of claims 4 to 6, wherein the hybrid 
10 subscriber identity card has separate microprocessors for the smart card and the 

subscriber identity card. 

8. Apparatus as claimed in any one of claims 1 to 7, wherein the terminal is a 
point-of-sale terminal, the communication between the mobile device and the 

15 point-of-sale terminal being by passing the antenna adjacent the point-of-sale 
terminal. 

9. Apparatus as claimed in any one of claims 1 to 8, wherein the 
commimication between the mobile device and the terminal is selected firom the 

20 group consisting of: radio frequency transmission, SMS, and the Internet. 

10. Apparatus as claimed in any one of claims 1 to 9, wherein the mobile 
device includes a secure authentication module as an identity. 

25 11. Apparatus as claimed in any one of claims 1 to 9, wherein the 
telecommunications means includes a secure authentication module as an identity. 

12. Apparatus as claimed in any one of claims 1 to 11, wherein the mobile 
device seeks approval of the payment transaction before crediting the amount to 

30 the terminal. 

13. Apparatus as claimed in any one of claim 2 or any one of claims 8 to 12 
when appended to claim 2, wherein the communication between the 
telecommimications means and the smart card is by passing the antenna adjacent 

35 the smart card. 
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5 14. Apparatus as claimed in claini 3 or any one of claims 8 to 12 when 
appended to claim 3, wherein the communication between the 
telecommunications means and the database is by use of a teleconununications 
network. 

10 15. Apparatus for performing electronic payment transactions using a smart 
card, the apparatus including a mobile device having a telecommunication means 
for performing: at least one electronic payment transaction with and at a point-of- 
sale terminal using the smart card, and at least one further electronic payment 
transaction at and with a remote terminal using the smart card. 

16. Apparatus as claimed in claim 15, wherein the telecommimications 
means includes an antenna and a subscriber identity card for communication with 
the mobile device; the subscriber identity card being able to obtain account 
information of the customer from a smart card of the customer so that an amount 
for the payment is debited to the smart card, the mobile device being able to use 
the telecommunications means to communicate with the point-of-sale terminal 
and the remote terminal to effect the payment transaction. 

17. Apparatus as claimed in claim 16, wherein the payment transaction 
credits the amoimt to the terminal; there being no requirement for physical contact 
between the antenna and the terminal to effect the payment transaction. 

18. Apparatus as claimed in any one of claims 15 to 17, wherein the smart 
card is a contactless smart card. 

19. Apparatus as claimed in any one of claims 15 to 17, wherein the smart 
card is a virtual smart card, all data of the smart card being maintained in a 
database controlled by a server. 



wo 03/044710 



PCT/SGOl/00205 



30 

5 20. Apparatus as claimed in claim 16 or claim 17, wherein the smart card and 

the subscriber identity card are integrated to form a hybrid subscriber identity card 
located within the mobile device. 

21. Apparatus as claimed in claim 20, wherein the hybrid subscriber identity 
10 card has two interfaces, including a first interface for interaction with the mobile 

device through a physical connection, and a second interface for interaction with a 
point-of-sale terminal using a radio frequency channel. 

22. Apparatus as claimed in claim 20 or claim 21, wherein the hybrid 
15 subscriber identity card has a common memory for the subscriber identity card 

and the smart card. 

23. Apparatus as claimed in any one of claims 20 to 22, wherein the hybrid 
subscriber identity card has separate microprocessors for the smart card and the 

20 subscriber identity card. 

24. Apparatus as claimed in any one of claims 15 to 23, wherein the 
conmiunication between the mobile device and the point-of-sale terminal being by 
passing the antenna adjacent the point-of-sale terminal. 

25 

25. Apparatus as claimed in any one of claims 15 to 24, wherein the 
communication between the mobile device and the point-of-sale terminal is 
selected from the group consisting of: radio frequency transmission, SMS, and the 
Internet. 

30 

26. Apparatus as claimed in any one of claims 15 to 25, wherein the mobile 
device includes a secure authentication module as an identity. 

27. Apparatus as claimed in any one of claims 15 to 25, wherein the 
3S telecommunications means includes a secure authentication module as an identity. 
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5 28. Apparatus as claimed in any one of claims 15 to 27, wherein the mobile 
device seeks approval of the payment transaction before crediting the amount to 
the terminal. 

29. Apparatus as claimed in claim 18 or any one of claims 24 to 28 when 
10 appended to claim 18, wherein the communication between the 

telecommunications means and the smart card is by passing the antenna adjacent 
the smart card. 

30. Apparatiis as claimed in claim 19 or any one of claims 24 to 28 when 
15 appended to claim 19, wherein the communication between the 

telecommunications means and the database is by use of a telecommimications 
network. 

31. A method for effecting a pajonent transaction at and with a point-of-sale 
20 terminal by use of a mobile device having a telecommimications means; the 

method including: 

(d) passing an antenna of the telecommunications means adjacent the 
terminal to enable the terminal to conununicate with the 
teleconununications means to pass a message to the mobile device, the 

25 message including an amount required to be paid; 

(e) using the mobile device to debit a smart card with the amount; and 

(f) again passing, or maintaining, the antenna adjacent the terminal to 
enable the telecommunications means to send the amount to the 
terminal. 

30 

32. A method as claimed in claim 31, wherein the smart card is a contactless 
smart card and to debit the smart card the antenna of the telecommunications 
means is passed adjacent the smart card, there being conununication between the 
smart card and the telecommimications means so that the amount is debited to the 

35 smart card and credited in the telecommunications means for sending to the 
terminal. 
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33. A method as claimed in claim 31» wherein the smart card is a virtual smart 
card, all data of the smart card being maintained in a database controlled by a 
server. 

10 34. A method as claimed in claim 31, wherein the teleconmiunications means 
includes a subscriber identity card, the smart card and the subscriber identity card 
being integrated to form a hybrid subscriber identity card located within the 
mobile device. 

15 35. A method as claimed in claim 34, wherein the hybrid smart card has two 
interfaces, including a first interface for interaction with the mobile device 
through a physical connection, and a second interface for interaction with a point- 
of-sale terminal using a radio frequency channel. 

20 36. A method as claimed in claim 32 or claim 33, wherein the mobile device 
uses the telecommunications means to communicate with the terminal to effect 
the payment transaction to the terminal thereby passing the amoimt to the 
terminal. 

25 37. A method as claimed in any one of claims 31 to 37, wherein the 
conmiunication between the mobile device and the terminal is selected from the 
group consisting of: radio frequency transmission, SMS, and the Internet. 

38. A method as claimed in any one of claims 31 to 33, wherein the 
30 telecommunications means includes a subscriber identity card for communication 

between the teleconununications means and the mobile device. 

39. A method as claimed in any one of claims 31 to 38, wherein the mobile 
device seeks approval of the payment transaction before crediting the amount to 

35 the terminal. 
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5 40. A method for effecting an electronic payment transaction between a first 
terminal and a second terminal, the method including the steps of: 

(a) the first terminal generating a random token and including the random 
token in a message; 

(b) the first terminal sending the message with the random token to the 
1 0 second terminal; 

(c) the first terminal receiving a payment credit and the random token 
fix)m the second terminal, the random token being sent to the first 
terminal by the second terminal as a means to prevent the payment 
fi'om being reused in an vinauthorized manner; and 

1 5 (d) the first terminal processing the payment credit and then destroying the 

random token. 

41 . A method for effecting an electronic payment transaction between a first 
terminal and a second terminal, the method including the steps of: 
20 (a) the second terminal receiving a message containing a randomly 

generated token fi-om the first terminal; 

(b) the second terminal processing the message and obtaining a payment 
credit for the payment transaction; and 

(c) the second terminal sending the payment credit and the random token 
25 to the first terminal in a payment message^ the random token being 

sent to the first terminal by the second terminal as a means to prevent 
the payment message firom being reused in an unauthorized manner, 
and for destruction. 

30 42. A method as claimed in claim 40 or claim 41, wherein the first temxinal 
is a supplier's terminal, and the second terminal is a customer's terminal. 



35 



43. A method as claimed in claim 42, wherein the customer's terminal is a 
mobile device having a telecommunications means. 
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5 44, A method as claimed in claim 42 or claim 43, wherein the supplier's 
terminal is a point-of-sale terminal. 

45. A method as claimed in any one of claims 40 to 42, wherein the second 
terminal has a telecommunications means; the method further including the steps 
10 of: 

(a) passing an antenna of the telecommimications means adjacent the first 
terminal to enable the first terminal to communicate with the 
telecommunications means to pass the message to the second terminal, 
the message including an amoimt required to be paid; 
15 (b) using the second terminal to debit a smart card with the amount; and 

(c) again passing, or maintaining, the antenna adjacent the first terminal to 
enable the telecommunications means to send the amount to the first 
terminal. 

20 46. A method as claimed in claim 45, wherein the smart card is a contactless 
smart card and to debit the smart card the antenna of the telecommunications 
means is passed adjacent the smart card, there being communication between the 
smart card and the telecommunications means so that the amount is debited to the 
smart card and credited in the telecommunications means for sending to the first 

25 terminal. 

47. A method as claimed in claim 46, wherein the second terminal uses the 
telecommunications means to communicate with the first terminal to effect the 
payment transaction to the first terminal thereby passing the amount to the first 

30 terminal. 

48. A method as claimed in any one of claims 40 to 47, wherein the 
communication between the first terminal and the second terminal is selected 
fi-om the group consisting of: Radio Frequency transmission, SMS, and the 

35 Internet. 
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5 49. A method as claimed in any one of claims 40 to 48, wherein the 
telecommunications means includes a subscriber identity card for communication 
between the telecommimications means and the second terminal. 

50. A method as claimed in claim 49, wherein the smart card and the 
10 subscriber identity card are integrated to form a hybrid subscriber identity card 

located within the second terminal, the payment credit being obtained from the 
hybrid subscriber identity card. 

51. A method as claimed in claim 50, wherein the hybrid subscriber identity 
15 card has two interfaces, including a fu-st interface for interaction with the second 

terminal through a physical connection, and a second interface for interaction with 
the first temiinal using a radio frequency channel. 

52. A method as claimed in claim 50 or claim 51, wherein the hybrid 
20 subscriber identity card has a conunon memory for the subscriber identity card 

and the smart card. 

53. A method as claimed in any one of claims 50 to 52, wherein the hybrid 
subscriber identity card has separate microprocessors for the smart card and the 

25 subscriber identity card. 

54. A method as claimed in claim 44, wherein the conmiunication between the 
mobile device and the point-of-sale terminal is by passing the antenna adjacent the 
point-of-sale temiinal. 

30 

55. A method as claimed in claim 54, wherein the communication between the 
mobile device and the temiinal is selected from the group consisting of: radio 
frequency transmission, SMS, and the Internet. 

35 56. A method as claimed in any one of claims 40 to 55, wherein the message 
includes a bill for the amount. 
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5 

57. A method as claimed in claim 56, wherein the bill is combined with a 
certificate of the first terminal. 

58. A method as claimed in claim 56 or claim 57, wherein the second 
10 terminal encrypts the bill and information regarding the payment credit with an 

encryption key of the second terminal before sending to the first terminal. 

59. A method as claimed in claim 43, wherein the second terminal receives 
the payment credit from a remote payment gateway. 

15 

60. A method as claimed in claim 59, wherein the payment credit is passed 
directly from the payment gateway to an accoimt for the first terminal. 

61 . Apparatus as claimed in any one of claims 1 to 30, when used to perform 
20 the method of any one of claims 3 1 to 60. 



62. A method as claimed in any one of claims 31 to 60, when performed 
using the apparatus of any one of claims 1 to 30. 
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